Linux

49711 readers

700 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

Use AWS Windows instance as an SSH proxy? (lemmy.ml)

submitted 22 hours ago* (last edited 22 hours ago) by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

My work has given me a remote windows desktop to use, that I access using AWS.

Through this windows desktop (accessed via a chrome web-browser), I can SSH into a compute node to do work.

I dont actually need this virtual desktop, I'd rather just SSH from my local machine directly to the compute node, using the remote desktop's network without having to spawn the desktop itself.

Ive been reading up about SSM agents[0] as a solution, but am unsure if I have the priveledges to do this myself.

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html#ssh-connections-enable

Is this something I can easily do using the AWS credentials that I have?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 21 hours ago (1 children)

From having played with the remote desktop offering from AWS, it's a Windows Server running a terminal session. It's likely heavily locked down and on its own network with likely no inbound network connectivity.

Similarly, the compute nodes are likely to be locked down to only accept connections from the remote desktop network.

It all depends on what the brief was to whomever set it up.

You might be able to do some shenanigans with the web browser on the remote desktop, but for my money, I'd just open your browser, set it to full screen and forget about how your keystrokes are travelling.

Ultimately, unless you're a shareholder, it's their money.

And for the record, it might be that the IT department doesn't want you to run your own SSH session for a bunch of very good reasons.

[–] [email protected] 0 points 18 hours ago (1 children)

Yeah the browser seems to be what I'm resigned to. In terms of security, there isn't really much stopping me from spawning an reverse SSH proxy to a public server from within the desktop, and then connecting to that....

If I wanted to wreac havok, my user would still need to be in the right access groups to do anything. I feel that cutting out the middleman and letting me connect directly to the bastion would be easier for everyone...

[–] [email protected] 2 points 18 hours ago (1 children)

Except that the idea is that you cannot get data in or out of the corporate network. Depending on how it's implemented will determine how successful that is.

Regardless, you're likely to lose your job if it's detected without written permission and even then it's likely to turn into a security pissing match.

[–] [email protected] 1 points 16 hours ago* (last edited 16 hours ago)

In the scenario I have, the browser clipboard literally lets me drag-and-drop files to my laptop. I do hear your wider point though